From 0c8b25a684fa6797da338ff1fdb4786ef972823d Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 21 Jan 2026 15:24:03 +0100
Subject: [PATCH] library: ssl: add public function to retrieve the list of supported groups

Signed-off-by: Valerio Setti
---
 include/mbedtls/ssl.h | 18 ++++++++++++++++++
 library/ssl_tls.c | 5 +++++
 2 files changed, 23 insertions(+)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 4fb4584362..ec69c83f15 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3660,6 +3660,24 @@ void mbedtls_ssl_conf_psk_cb(mbedtls_ssl_config *conf,
 #endif /* MBEDTLS_SSL_SRV_C */
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
 
+/**
+ * \brief Return the list of supported groups (curves and finite fields).
+ *
+ * \note The returned list is ordered in ascending order of resource
+ * usage. This follows the same pattern of the default list being
+ * used when mbedtls_ssl_conf_groups() is not called.
+ *
+ * \note The returned list represents supported groups in the current build
+ * configuration, not the one set by mbedtls_ssl_conf_groups().
+ *
+ * \note The returned list is static so the user doesn't need to worry
+ * about it being freed.
+ *
+ * \return The list made of IANA NamedGroups IDs (MBEDTLS_SSL_IANA_TLS_GROUP_xxx)
+ * with the last item always being MBEDTLS_SSL_IANA_TLS_GROUP_NONE.
+ */
+const uint16_t *mbedtls_ssl_get_supported_group_list(void);
+
 /**
 * \brief Set the allowed groups in order of preference.
 *
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index be071defac..e8ebe7d922 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2360,6 +2360,11 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
 }
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
+const uint16_t *mbedtls_ssl_get_supported_group_list(void)
+{
+ return ssl_preset_default_groups;
+}
+
 /*
 * Set the allowed groups
 */
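Review bot: The third `\note` on `mbedtls_ssl_get_supported_group_list()` says only that the list is static, which leaves the contract a caller relies on unstated: the pointer stays valid for the life of the program and the array must not be written to or freed. I would word it as `\note The returned array is read-only and has static storage duration; the caller must not modify or free it.` The first note could also say that the order reflects resource usage and not cryptographic strength, so an application enforcing a minimum-strength policy has to filter the list by group ID instead of relying on position.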
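Review bot: `mbedtls_ssl_get_supported_group_list()` returns `ssl_preset_default_groups`, so what the header documents as "supported groups in the current build configuration" is tied to the default preset without any comment saying the two are meant to be the same set. The array's definition is outside this hunk, so I cannot confirm they coincide today; if they do, record it next to the return, e.g. `/* The default preset lists every group enabled in this build; revisit this function if the preset is ever narrowed. */`. Without that, a later change that drops a group from the defaults while it stays compiled in would silently change what this API reports to applications using it for policy or diagnostics. The diffstat shows only the header and `ssl_tls.c`, so nothing in this patch checks the `MBEDTLS_SSL_IANA_TLS_GROUP_NONE` terminator the header promises.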